Cybercrimes And The Growing Importance Of SDN Technology

Cybercrimes And The Growing Importance Of SDN Technology

Last months Cloud Security Alliance Central Eastern Europe Summit gave a good opportunity to learn about the Cloud Computing market in areas of Europe that are less reviewed. The congress, held in the center of the old city of Ljubljana, provided interesting mixture of Information Security professionals along with various cloud providers and end users coming to explore the news in this dynamic world of cloud computing.

And the news was definitely coming in a storm. First speaker for the morning was Raj Samani, EMEA CTO for McAfee who gave an interesting look at the eco-system of Cybercrimes. In an excellent performance, Mr. Samani described how the cloud models are also propagating into the Cyber Crimes ecosystems. “Cyber Criminals today do not need to be a disturbed computer genius“, he explained, “All you need to have is a credit card“.

Cybercrimes usually contain three components: Research, CrimeWare and Infrastructure. All those components can be acquired in the same models of cloud services as we know from our daily life,  McAfee CTO revealed as he ran slides describing different services starting from spam and botnet for hire but also going all the way up to e-mail hacking service and even guns and hit-man as service websites. While we know that those services exist for a long time now, it was hard not to be impressed from the sophistication and the granularity of each service details. The level of transparency and detailed SLA that some of those “hackers of a service” adopted, can even provide some lessons to traditional cloud providers.

In the next presentation, François Gratiolet, EMEA CISO for Qualys, gave a brief review about the business drivers and market characteristics of security as service offering. “SecAAS can improve the business security by enabling the organization to focus on its key assets and risk management while maintaining flexibility and agility“, he explained, “but the offering still needs to mature and provide more governance, liability and transparency“.

The call for more transparency from the cloud providers is repeating in all cloud security conferences, and some cloud providers recognize it as business advantage. Jan Bervar, CTO for NIL, presented how NIL, a local IaaS and PaaS Provider, has taken the strategy of providing secure cloud services that are trustable and transparent.  “We set controls and strict standards on our services“, explained Mr. Bervar while he listed cloud computing top threats and how NIL offering is protecting customers against those risks.

Governments and the EU commission are also aware of the fact that they need to help cloud consumers and cloud providers to increase trust among them. The EU strategy for cloud computing includes a plan to “cut through the jungle of laws and regulation” that currently many stakeholders encounter. Big part of this process is dependent on the new data protection law for the EU that is being promoted as we speak. Gloria Marcoccio, from the Italian chapter of the Cloud Security Alliance, reviews the progress of the new EU data protection legislation and its effect on cloud computing players. Judging from that lecture and other lectures such as lawyer Boris Kozlevcar presentation about SLA and PLA challenges in the cloud, emphasize how important governments role in enabling the business and legal framework for cloud computing practices.

When discussing the future of cloud computing, we are starting to hear more about “Cloud Brokerage“. Dr. Jesus Luna Garcia from the Cloud Security Alliance explained the role of Cloud Brokerage in his presentation about Helix Nebula, a cloud environment built for providing computing resources for science and academic organizations in the EU.  Helix Nebula project act as intermediate between the consumers and a variety of cloud services and provide added value services such as standard security policy and secure data transfer across providers as well as continues monitoring and different service levels. This interesting model is a good sign for how the future implementation of cloud brokerage will look like.

Shifting from the legal and business aspects to the technology challenges. Interesting presentations heard from Trend Micro presenting their solution for virtual environments and the future of security in hybrid clouds. The new software define network technology was also introduced in a presentation by researchers from the university of Ljubljana elaborating this new technology challenges and benefits. SDN technology will probably change the way we treat network security in the cloud and has excellent potential to give a kick start to new technologies dealing with the threats of tomorrow.

And of course, no security conference these days is complete without discussing the challenges of government access to data, inspired by PRISM and Snowden leaks.  In the two concluding presentations from Astec and Slovenian cert it was discussed the effects of the latest news about the extent of US government and other governments in their pursuit of data access.  There is much to be said on this topic and it hard to summarize it in one article, but bottom line is that governments across the globe are spying on private communication and will probably continue to do so.

The effect on cloud computing adoption will probably remain for the short term only, since the cloud value proposition is just too high to ignore.

moshe-ferberBy Moshe Ferber,

Moshe is a security entrepreneur and investor. With over 20 years’ experience in information security at various industry positions.  Currently focused on Cloud Computing as board member for Cloud alliance Israeli Chapter, public speaker on various cloud aspects and investor at Clarisite and FortyCloud – Startup companies with innovative security solutions. More information can be found at: www.onlinecloudsec.com

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

The Importance of Cloud Backups: Guarding Your Data Against Hackers

The Importance of Cloud Backups: Guarding Your Data Against Hackers

The Importance of Cloud Backups Cloud platforms have become a necessary part of modern business with the benefits far outweighing the risks. However, the risks are real and account for billions of dollars in losses across the globe per year. If you’ve been hacked, you’re not alone. Here are some other companies in the past…

Your Biggest Data Security Threat Could Be….

Your Biggest Data Security Threat Could Be….

Paying Attention To Data Security Your biggest data security threat could be sitting next to you… Data security is a big concern for businesses. The repercussions of a data security breach ranges from embarrassment, to costly lawsuits and clean-up jobs – particularly when confidential client information is involved. But although more and more businesses are…

Four Recurring Revenue Imperatives

Four Recurring Revenue Imperatives

Revenue Imperatives “Follow the money” is always a good piece of advice, but in today’s recurring revenue-driven market, “follow the customer” may be more powerful. Two recurring revenue imperatives highlight the importance of responding to, and cherishing customer interactions. Technology and competitive advantage influence the final two. If you’re part of the movement towards recurring…

Do Not Rely On Passwords To Protect Your Online Information

Do Not Rely On Passwords To Protect Your Online Information

Password Challenges  Simple passwords are no longer safe to use online. John Barco, vice president of Global Product Marketing at ForgeRock, explains why it’s time the industry embraced more advanced identity-centric solutions that improve the customer experience while also providing stronger security. Since the beginning of logins, consumers have used a simple username and password to…

Maintaining Network Performance And Security In Hybrid Cloud Environments

Maintaining Network Performance And Security In Hybrid Cloud Environments

Hybrid Cloud Environments After several years of steady cloud adoption in the enterprise, an interesting trend has emerged: More companies are retaining their existing, on-premise IT infrastructures while also embracing the latest cloud technologies. In fact, IDC predicts markets for such hybrid cloud environments will grow from the over $25 billion global market we saw…

The Fully Aware, Hybrid-Cloud Approach

The Fully Aware, Hybrid-Cloud Approach

Hybrid-Cloud Approach For over 20 years, organizations have been attempting to secure their networks and protect their data. However, have any of their efforts really improved security? Today we hear journalists and industry experts talk about the erosion of the perimeter. Some say it’s squishy, others say it’s spongy, and yet another claims it crunchy.…

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners  Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards.…

Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises The surface costs might give you pause, but the cost of diminishing your differentiators is far greater. Will a shift to the cloud save you money? Potential savings are historically the main business driver cited when companies move to the cloud, but it shouldn’t be viewed as a cost-saving exercise. There…